
Category: LINUX

2014-03-31 23:36:36

Original article by kylin_zeng: http://blog.csdn.net/kylin_fire_zeng


1. Finding the faulting instruction by disassembling the module

Disassemble faulty.ko (the same test module is also referred to as hello.ko below; its init function is yuer_init) and read the listing:

 arm-linux-objdump -D faulty.ko > faulty.dis
 cat faulty.dis

The output contains the following:

00000000 :
   0: e1a0c00d  mov ip, sp
   4: e92dd830  push {r4, r5, fp, ip, lr, pc}
   8: e24cb004  sub fp, ip, #4 ; 0x4
   c: e3a04000  mov r4, #0 ; 0x0
  10: ea000003  b 24
  14: e1a01004  mov r1, r4
  18: e59f0020  ldr r0, [pc, #32] ; 40
  1c: ebfffffe  bl 0
  20: e2844001  add r4, r4, #1 ; 0x1
  24: e59f3018  ldr r3, [pc, #24] ; 44
  28: e5933000  ldr r3, [r3]
  2c: e1540003  cmp r4, r3
  30: bafffff7  blt 14
  34: e3a00000  mov r0, #0 ; 0x0
  38: e5800000  str r0, [r0]    ; the faulting instruction: r0 has just been set to 0, so this stores to address 0 (*(int*)0 = 0)
  3c: e89da830  ldm sp, {r4, r5, fp, sp, pc} 
  40: 00000032  .word 0x00000032
  44: 00000000  .word 0x00000000

r4 holds the loop counter i, the word at 0x44 is the relocation slot for the global that bounds the loop (ldr r3, [r3] reads its value), and bl 0 at 0x1c is the not-yet-relocated call to printk. The fault is the str at 0x38: r0 has just been set to 0 and is used as the address, which is the *(int*)0 = 0 in the source. An oops reports the PC as symbol+offset/size [module]; find the symbol in the listing and add the offset to its start address (0 here) to land on the faulting instruction.

If the module was built with debug info (-g, which CONFIG_DEBUG_INFO adds), objdump -S interleaves the source with the disassembly and the mapping is immediate:

 arm-linux-objdump -S -D hello.ko > faulty.dis

The listing then reads:

 static int __init yuer_init(void)
{
   int i;
   for(i=0; i
  20: e2844001  add r4, r4, #1 ; 0x1
  24: e59f3018  ldr r3, [pc, #24] ; 44
  28: e5933000  ldr r3, [r3]
  2c: e1540003  cmp r4, r3
  30: bafffff7  blt 14
   {
       printk(KERN_ALERT "Hello, How are you. %d\n", i);
   }


   *(int*)0=0;
  34: e3a00000  mov r0, #0 ; 0x0
  38: e5800000  str r0, [r0]
   return 0;
}

 


2. Mapping the PC of an oops to a source line with System.map and gdb

(from http://blog.chinaunix.net/uid-291731-id-3142689.html)


While debugging a USB driver recently, unplugging the USB cable would occasionally produce a kernel oops. What follows is a brief record of how that oops was debugged; the same method also applies to a panic.

 

Oops log:


Unable to handle kernel NULL pointer dereference at virtual address 00000020
pgd = 80004000
[00000020] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT
last sysfs file: /sys/devices/platform/mxsdhci.2/mmc_host/mmc0/mmc0:0001/boot_bus_config
CPU: 0 Not tainted (2.6.35.3 #10)
PC is at fsg_main_thread+0x144/0x730
LR is at schedule+0x2ac/0x328
pc : [<8025b0b4>] lr : [<802ac778>] psr: 60000013
sp : cfcd3f88 ip : cfcd3f38 fp : cfcd3fc4
r10: cfcd2000 r9 : cf081640 r8 : 00000200
r7 : 80356ac8 r6 : cfcd2000 r5 : cf081678 r4 : cf081600
r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c5387d Table: bd2a0019 DAC: 00000017
Process file-storage-ga (pid: 871, stack limit = 0xcfcd22e8)
Stack: (0xcfcd3f88 to 0xcfcd4000)
3f80: cf08167c cfcd3f98 802ac648 cf0816b0 00000000 cf029ed8
3fa0: cfcd3fcc 8025af70 cf081600 00000000 00000000 00000000 cfcd3ff4 cfcd3fc8
3fc0: 8006565c 8025af7c 00000000 00000000 cfcd3fd0 cfcd3fd0 cf029ed8 800655d8
3fe0: 80051d14 00000013 00000000 cfcd3ff8 80051d14 800655e4 eda8ff35 f7efad76
Backtrace:
[<8025af70>] (fsg_main_thread+0x0/0x730) from [<8006565c>] (kthread+0x84/0x8c)
[<800655d8>] (kthread+0x0/0x8c) from [<80051d14>] (do_exit+0x0/0x65c)
r7:00000013 r6:80051d14 r5:800655d8 r4:cf029ed8
Code: e5953004 e3530001 1afffff8 e5953018 (e5932020)
---[ end trace 38aa9563884a33ec ]---


This is a NULL pointer dereference with the PC at fsg_main_thread+0x144. fsg_main_thread() lives in drivers/usb/gadget/file_storage.c, but which source line is offset 0x144? A quick sanity check first: the word in parentheses on the Code: line is the faulting instruction, and e5932020 decodes to ldr r2, [r3, #32]; the register dump shows r3 = 00000000, so the access went to address 0x20, exactly the "virtual address 00000020" in the first line. The kernel that produced this oops was built without debug info, so a vmlinux with debug info has to be generated first. Build it from the same source tree, the same .config and the same toolchain as the crashing kernel, otherwise the addresses and offsets will not line up; adding -g does not change the generated code, so the rebuilt vmlinux matches the kernel already running on the target. Run make menuconfig and enable

kernel hacking -> Kernel debugging -> Compile the kernel with debug info

(CONFIG_DEBUG_INFO). The vmlinux built with this option carries debugging symbols.


Open System.map, the symbol table in the directory where vmlinux was built, and search for fsg_main_thread; the leftmost column of that line is the function's address, 8025af70. Add the offset 0x144 to get the faulting address:

0x8025af70 + 0x144 = 0x8025b0b4

This equals the pc value printed in the oops (pc : [<8025b0b4>]) and agrees with the backtrace entry [<8025af70>] (fsg_main_thread+0x0/0x730), which confirms that this System.map belongs to the kernel that crashed.


Now open the vmlinux with debug symbols in the gdb of the toolchain the kernel was built with:

toolchain/arm-eabi-4.4.3/bin/arm-eabi-gdb kernel/vmlinux

In gdb, set a breakpoint at that address with the b command; gdb answers with the file and line:

(gdb) b *0x8025b0b4
Breakpoint 1 at 0x8025b0b4: file drivers/usb/gadget/file_storage.c, line 2750.

Nothing is running, so the breakpoint is never hit; it only serves to make gdb print the location. info line *0x8025b0b4 or list *0x8025b0b4 give the same answer, as does addr2line -e vmlinux 0x8025b0b4 from binutils. With an optimised kernel the line reported is where the faulting instruction was generated, which may belong to an inlined callee or sit a few statements away from the one you expect. With the line number in hand you can dig further: add BUG_ON() checks on the variables around that line and narrow it down to the statement that faults.

 


Another example:

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = c0004000
[00000008] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT
last sysfs file: /sys/devices/virtual/ubi/ubi1/min_io_size
Modules linked in: g_file_storage starthid dm365mmap edmak irqk cmemk beeptest
CPU: 0    Not tainted  (2.6.32.17-davinci1-Xan2.0 #67)
PC is at cppi_completion+0xc4/0x2d0
LR is at cppi_completion+0x6c/0x2d0
pc : []    lr : []    psr: 80000093
sp : c2391d60  ip : fffffffc  fp : c2391db4
r10: c304e400  r9 : c304e424  r8 : fec64100
r7 : 00000000  r6 : c304e400  r5 : c304e400  r4 : 00000000
r3 : 00000000  r2 : 00000fcd  r1 : ff000800  r0 : fec64100
Flags: Nzcv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 0005317f  Table: 80070000  DAC: 00000017
Process file-storage-ga (pid: 1351, stack limit = 0xc2390270)
Stack: (0xc2391d60 to 0xc2392000)
1d60: c2391dcc c2391d70 c023fe48 c023f638 00000001 00000000 c3011000 fec64400
1d80: fffffffc 00000001 00000000 00000000 c3011000 00000001 fec64000 00000001
1da0: 40000013 00062900 c2391df4 c2391db8 c023c198 c02404b0 fec64510 00000001
1dc0: c2391dfc c2391dd0 c023ffa0 c3065a40 00000000 00000000 0000000c 00000001
1de0: c2390000 00062900 c2391e14 c2391df8 c00ca498 c023c130 c2390000 c040ea08
1e00: 0000000c c3065a40 c2391e34 c2391e18 c00cc43c c00ca464 0000000c 00000000
1e20: c3011124 00000002 c2391e4c c2391e38 c0087070 c00cc304 ffffffff fec48000
1e40: c2391ec4 c2391e50 c0087b4c c0087010 00000001 00000000 c2390000 00000001
1e60: c2273dc0 00000000 c3011124 60000013 c3011000 00000000 00062900 c2391ec4
1e80: c2391e68 c2391e98 c023dd7c c023e1fc 80000013 ffffffff 00000000 c3601c20
1ea0: 60000013 00000000 60000013 c2390000 c20e6400 fffffffb c2391fc4 c2391ec8
1ec0: bf03a58c c023e0e4 c20e64e0 bf03c67c c2390000 c20e64bc c20e6470 c20e6440
1ee0: c20e6479 c20e6477 c20e6478 c20e6404 c20e64dc c20e6475 c20e6474 c20e6473
1f00: c040c3d0 00000001 bf03a3f4 c2390000 0000000a 00000000 00000000 00000000
1f20: 00000000 c23be000 ffffffff c042f44c c2390000 00000000 c2391f6c c2391f48
1f40: c00b8330 c0095544 00000000 c0094fbc c23be01c c3601c20 00000017 c3600fa0
1f60: c2391f84 c2391f70 c00b8378 c00b82f0 00000000 c21ce180 c2391fc4 c2391f88
1f80: c0323334 c0095544 c0323584 c3601c98 c3601cb8 c3601dc0 c2391fc4 c2391fcc
1fa0: c2353e70 c20e6400 bf03a3f4 00000000 00000000 00000000 c2391ff4 c2391fc8
1fc0: c00b2db8 bf03a404 00000000 00000000 c2391fd0 c2391fd0 00000000 00000000
1fe0: 00000000 00000000 00000000 c2391ff8 c00a00b4 c00b2d40 00001fec 00012c1c
Backtrace:
[] (cppi_completion+0x0/0x2d0) from [] (davinci_interrupt+0x78/0x1e8)
[] (davinci_interrupt+0x0/0x1e8) from [] (handle_IRQ_event+0x44/0x114)
[] (handle_IRQ_event+0x0/0x114) from [] (handle_edge_irq+0x148/0x1b4)
 r7:c3065a40 r6:0000000c r5:c040ea08 r4:c2390000
[] (handle_edge_irq+0x0/0x1b4) from [] (asm_do_IRQ+0x70/0x8c)
 r7:00000002 r6:c3011124 r5:00000000 r4:0000000c
[] (asm_do_IRQ+0x0/0x8c) from [] (__irq_svc+0x4c/0x90)
Exception stack(0xc2391e50 to 0xc2391e98)
1e40:                                     00000001 00000000 c2390000 00000001
1e60: c2273dc0 00000000 c3011124 60000013 c3011000 00000000 00062900 c2391ec4
1e80: c2391e68 c2391e98 c023dd7c c023e1fc 80000013 ffffffff
 r5:fec48000 r4:ffffffff
[] (musb_gadget_dequeue+0x0/0x170) from [] (fsg_main_thread+0x198/0x18c8 [g_file_storage])
 r8:fffffffb r7:c20e6400 r6:c2390000 r5:60000013 r4:00000000
[] (fsg_main_thread+0x0/0x18c8 [g_file_storage]) from [] (kthread+0x88/0x90)
[] (kthread+0x0/0x90) from [] (do_exit+0x0/0x668)
 r7:00000000 r6:00000000 r5:00000000 r4:00000000
Code: e594c00c e59f0208 e58dc00c eb038a4b (e1d430b8)

 

1. vi System.map and search for cppi_completion:  c02404a0 T cppi_completion

2. The oops reports cppi_completion+0xc4/0x2d0, so the offset is 0xc4:  0xc02404a0 + 0xc4 = 0xc0240564

3. arm-none-linux-gnueabi-gdb vmlinux

4. (gdb) b *0xc0240564  =>  Breakpoint 1 at 0xc0240564: file drivers/usb/musb/cppi_dma.c, line 979.

The Code: line agrees: (e1d430b8) is ldrh r3, [r4, #8], and r4 = 00000000 in the register dump, which gives the "virtual address 00000008" in the first line. One thing to watch in this trace: fsg_main_thread is in the module g_file_storage here (the [g_file_storage] suffix), so its offset 0x198 has to be resolved against g_file_storage.ko, with objdump as in section 1 or by loading the .ko into gdb with add-symbol-file, not against System.map, which only lists built-in symbols. cppi_completion itself is built in, so System.map works for it.

Any other address from the backtrace can be resolved the same way, and disassemble shows the instructions around it:

(gdb) b *0xc0282b68
(gdb) disassemble 0xc0282b68
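The procedure above (System.map lookup, base + offset, then gdb) and the Code: line check are mechanical enough to script. The following is an added example, not code from the original post or from the referenced blog: it parses a 32-bit ARM oops, resolves the PC through System.map, decodes the faulting load/store from the Code: line and confirms it explains the reported fault address. SYSTEM_MAP and the two oops texts are constructed excerpts built from the symbols and lines in the logs above; the gdb and objdump commands it prints are the ones used in the text.

```python
"""Added example (not from the original post or the referenced blog): pull the
facts out of a 32-bit ARM oops, resolve the PC through System.map the way the
text does, and decode the faulting load/store from the Code: line so the NULL
register is known before gdb is opened. SYSTEM_MAP and the two oops texts are
constructed excerpts built from the symbols and lines in the logs above."""
import re

SYSTEM_MAP = """\
8025af70 T fsg_main_thread
c02404a0 T cppi_completion
"""

OOPS_FSG = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000020
PC is at fsg_main_thread+0x144/0x730
pc : [<8025b0b4>] lr : [<802ac778>] psr: 60000013
r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : 00000000
Code: e5953004 e3530001 1afffff8 e5953018 (e5932020)
"""

OOPS_CPPI = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000008
PC is at cppi_completion+0xc4/0x2d0
r7 : 00000000 r6 : c304e400 r5 : c304e400 r4 : 00000000
r3 : 00000000 r2 : 00000fcd r1 : ff000800 r0 : fec64100
Code: e594c00c e59f0208 e58dc00c eb038a4b (e1d430b8)
"""

REG_NAMES = [f"r{i}" for i in range(11)] + ["fp", "ip", "sp", "lr", "pc"]


def load_system_map(text):
    """'addr type name' lines -> {name: addr}."""
    return {name: int(addr, 16)
            for addr, _t, name in (ln.split() for ln in text.splitlines() if ln.strip())}


def parse_oops(text):
    """Fault address, 'PC is at sym+off/size [module]', pc, the first register
    dump (later per-frame r7:.. lines in the backtrace are ignored) and the
    parenthesised word of the Code: line."""
    fault = re.search(r"at virtual address ([0-9a-f]+)", text)
    at = re.search(r"PC is at (\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\S+)\])?", text)
    pc = re.search(r"pc : \[<([0-9a-f]+)>\]", text)
    code = re.search(r"Code:.*\(([0-9a-f]{8})\)", text)
    regs = {}
    for n, v in re.findall(r"\br(\d+)\s*:\s*([0-9a-f]{8})", text):
        regs.setdefault(int(n), int(v, 16))
    sp = re.search(r"\bsp\s*:\s*([0-9a-f]{8})", text)
    if sp:
        regs[13] = int(sp.group(1), 16)
    return {"fault_addr": int(fault.group(1), 16),
            "sym": at.group(1), "off": int(at.group(2), 16),
            "size": int(at.group(3), 16), "module": at.group(4),
            "pc": int(pc.group(1), 16) if pc else None,
            "regs": regs, "insn": int(code.group(1), 16)}


def decode_mem_access(insn):
    """Decode the immediate-offset ARM LDR/STR{B,H,SB,SH} encodings, which is
    what a NULL dereference nearly always is. Returns
    (mnemonic, rn, rd, signed_offset, pre_indexed) or None for anything else."""
    p, u, l = (insn >> 24) & 1, (insn >> 23) & 1, (insn >> 20) & 1
    rn, rd = (insn >> 16) & 0xF, (insn >> 12) & 0xF
    if ((insn >> 25) & 0x7) == 0b010:                      # word/byte, 12-bit imm
        imm = insn & 0xFFF
        mnem = ("ldr" if l else "str") + ("b" if (insn >> 22) & 1 else "")
    elif (((insn >> 25) & 0x7) == 0 and (insn >> 22) & 1   # halfword/signed, 8-bit imm
          and (insn >> 7) & 1 and (insn >> 4) & 1 and (insn >> 5) & 0x3):
        sh = (insn >> 5) & 0x3
        if not l and sh != 1:                              # ldrd/strd: not handled
            return None
        imm = ((insn >> 8) & 0xF) << 4 | (insn & 0xF)
        mnem = ("ldr" if l else "str") + {1: "h", 2: "sb", 3: "sh"}[sh]
    else:
        return None
    return mnem, rn, rd, (imm if u else -imm), bool(p)


def effective_address(info, dec):
    """Address the decoded instruction touched, taken from the register dump.
    pc reads as the instruction address + 8 in ARM state."""
    _mnem, rn, _rd, off, pre = dec
    base = info["pc"] + 8 if rn == 15 else info["regs"][rn]
    return (base + off) & 0xFFFFFFFF if pre else base


def analyse(oops_text, system_map_text):
    """Resolve the PC and explain the fault; returns a dict of findings."""
    syms = load_system_map(system_map_text)
    info = parse_oops(oops_text)
    out = {"fault_addr": info["fault_addr"], "module": info["module"]}
    if info["module"]:
        # Module text is not in System.map: resolve against the .ko instead.
        out["next_step"] = (f"arm-linux-objdump -d -S {info['module']}.ko   "
                            f"# find {info['sym']}+0x{info['off']:x}")
    else:
        addr = syms[info["sym"]] + info["off"]
        out["resolved_pc"] = addr
        out["pc_matches_dump"] = info["pc"] is None or info["pc"] == addr
        out["next_step"] = f"arm-eabi-gdb vmlinux -batch -ex 'info line *0x{addr:08x}'"
    dec = decode_mem_access(info["insn"])
    if dec:
        mnem, rn, rd, off, _pre = dec
        ea = effective_address(info, dec)
        out["insn"] = f"{mnem} {REG_NAMES[rd]}, [{REG_NAMES[rn]}, #{off}]"
        out["effective_addr"] = ea
        out["explains_fault"] = ea == info["fault_addr"]
        out["null_base"] = REG_NAMES[rn] if info["regs"].get(rn) == 0 else None
    return out


if __name__ == "__main__":
    for name, text in (("fsg_main_thread", OOPS_FSG), ("cppi_completion", OOPS_CPPI)):
        print(name, analyse(text, SYSTEM_MAP))
```

Feed it the full oops text and the System.map of the crashing kernel. The decoder deliberately covers only the immediate-offset LDR/STR forms (register-offset forms, ldrd/strd and Thumb code come back as None), because that is what a NULL dereference through a struct field compiles to; if the effective address does not equal the reported fault address, either the register dump is not the one for the faulting frame or the wrong word was picked from the Code: line, and that is worth knowing before trusting the gdb line number.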
